@google/gemini-cli-core 0.30.0-preview.5 → 0.31.0-preview.0
- package/README.md +1 -1
- package/dist/docs/CONTRIBUTING.md +6 -7
- package/dist/docs/changelogs/index.md +22 -2
- package/dist/docs/changelogs/latest.md +359 -293
- package/dist/docs/changelogs/preview.md +300 -349
- package/dist/docs/cli/cli-reference.md +23 -23
- package/dist/docs/cli/enterprise.md +7 -7
- package/dist/docs/cli/gemini-md.md +1 -1
- package/dist/docs/cli/model.md +1 -1
- package/dist/docs/cli/plan-mode.md +180 -80
- package/dist/docs/cli/sandbox.md +3 -3
- package/dist/docs/cli/settings.md +59 -51
- package/dist/docs/cli/telemetry.md +4 -1
- package/dist/docs/cli/themes.md +3 -3
- package/dist/docs/cli/trusted-folders.md +31 -0
- package/dist/docs/cli/tutorials/memory-management.md +2 -2
- package/dist/docs/cli/tutorials/session-management.md +1 -1
- package/dist/docs/core/index.md +7 -7
- package/dist/docs/core/subagents.md +155 -39
- package/dist/docs/extensions/reference.md +38 -14
- package/dist/docs/get-started/authentication.md +4 -4
- package/dist/docs/get-started/examples.md +2 -2
- package/dist/docs/get-started/gemini-3.md +17 -3
- package/dist/docs/get-started/index.md +11 -2
- package/dist/docs/hooks/best-practices.md +1 -1
- package/dist/docs/hooks/reference.md +8 -0
- package/dist/docs/ide-integration/index.md +14 -0
- package/dist/docs/index.md +62 -67
- package/dist/docs/redirects.json +19 -0
- package/dist/docs/{cli → reference}/commands.md +67 -11
- package/dist/docs/{get-started → reference}/configuration.md +93 -24
- package/dist/docs/{cli → reference}/keyboard-shortcuts.md +3 -3
- package/dist/docs/{core → reference}/policy-engine.md +63 -27
- package/dist/docs/{faq.md → resources/faq.md} +1 -1
- package/dist/docs/{quota-and-pricing.md → resources/quota-and-pricing.md} +12 -5
- package/dist/docs/{tos-privacy.md → resources/tos-privacy.md} +2 -2
- package/dist/docs/{troubleshooting.md → resources/troubleshooting.md} +1 -1
- package/dist/docs/sidebar.json +203 -166
- package/dist/docs/tools/file-system.md +7 -4
- package/dist/docs/tools/index.md +5 -2
- package/dist/docs/tools/internal-docs.md +5 -5
- package/dist/docs/tools/mcp-server.md +62 -2
- package/dist/docs/tools/planning.md +2 -0
- package/dist/docs/tools/shell.md +3 -3
- package/dist/src/agents/a2a-client-manager.test.js +1 -2
- package/dist/src/agents/a2a-client-manager.test.js.map +1 -1
- package/dist/src/agents/a2aUtils.d.ts +1 -5
- package/dist/src/agents/a2aUtils.js +1 -1
- package/dist/src/agents/a2aUtils.js.map +1 -1
- package/dist/src/agents/acknowledgedAgents.js +1 -0
- package/dist/src/agents/acknowledgedAgents.js.map +1 -1
- package/dist/src/agents/agent-scheduler.js +1 -0
- package/dist/src/agents/agent-scheduler.js.map +1 -1
- package/dist/src/agents/agentLoader.d.ts +0 -1
- package/dist/src/agents/agentLoader.js +22 -21
- package/dist/src/agents/agentLoader.js.map +1 -1
- package/dist/src/agents/agentLoader.test.js +1 -5
- package/dist/src/agents/agentLoader.test.js.map +1 -1
- package/dist/src/agents/auth-provider/api-key-provider.d.ts +30 -0
- package/dist/src/agents/auth-provider/api-key-provider.js +66 -0
- package/dist/src/agents/auth-provider/api-key-provider.js.map +1 -0
- package/dist/src/agents/auth-provider/api-key-provider.test.d.ts +6 -0
- package/dist/src/agents/auth-provider/api-key-provider.test.js +130 -0
- package/dist/src/agents/auth-provider/api-key-provider.test.js.map +1 -0
- package/dist/src/agents/auth-provider/base-provider.d.ts +2 -2
- package/dist/src/agents/auth-provider/base-provider.js.map +1 -1
- package/dist/src/agents/auth-provider/factory.js +6 -3
- package/dist/src/agents/auth-provider/factory.js.map +1 -1
- package/dist/src/agents/auth-provider/factory.test.js +12 -0
- package/dist/src/agents/auth-provider/factory.test.js.map +1 -1
- package/dist/src/agents/auth-provider/types.d.ts +2 -4
- package/dist/src/agents/browser/analyzeScreenshot.d.ts +35 -0
- package/dist/src/agents/browser/analyzeScreenshot.js +183 -0
- package/dist/src/agents/browser/analyzeScreenshot.js.map +1 -0
- package/dist/src/agents/browser/analyzeScreenshot.test.d.ts +6 -0
- package/dist/src/agents/browser/analyzeScreenshot.test.js +161 -0
- package/dist/src/agents/browser/analyzeScreenshot.test.js.map +1 -0
- package/dist/src/agents/browser/browserAgentDefinition.d.ts +50 -0
- package/dist/src/agents/browser/browserAgentDefinition.js +141 -0
- package/dist/src/agents/browser/browserAgentDefinition.js.map +1 -0
- package/dist/src/agents/browser/browserAgentFactory.d.ts +42 -0
- package/dist/src/agents/browser/browserAgentFactory.js +107 -0
- package/dist/src/agents/browser/browserAgentFactory.js.map +1 -0
- package/dist/src/agents/browser/browserAgentFactory.test.d.ts +6 -0
- package/dist/src/agents/browser/browserAgentFactory.test.js +186 -0
- package/dist/src/agents/browser/browserAgentFactory.test.js.map +1 -0
- package/dist/src/agents/browser/browserAgentInvocation.d.ts +44 -0
- package/dist/src/agents/browser/browserAgentInvocation.js +109 -0
- package/dist/src/agents/browser/browserAgentInvocation.js.map +1 -0
- package/dist/src/agents/browser/browserAgentInvocation.test.d.ts +6 -0
- package/dist/src/agents/browser/browserAgentInvocation.test.js +87 -0
- package/dist/src/agents/browser/browserAgentInvocation.test.js.map +1 -0
- package/dist/src/agents/browser/browserManager.d.ts +110 -0
- package/dist/src/agents/browser/browserManager.js +323 -0
- package/dist/src/agents/browser/browserManager.js.map +1 -0
- package/dist/src/agents/browser/browserManager.test.d.ts +6 -0
- package/dist/src/agents/browser/browserManager.test.js +314 -0
- package/dist/src/agents/browser/browserManager.test.js.map +1 -0
- package/dist/src/agents/browser/mcpToolWrapper.d.ts +45 -0
- package/dist/src/agents/browser/mcpToolWrapper.js +356 -0
- package/dist/src/agents/browser/mcpToolWrapper.js.map +1 -0
- package/dist/src/agents/browser/mcpToolWrapper.test.d.ts +6 -0
- package/dist/src/agents/browser/mcpToolWrapper.test.js +126 -0
- package/dist/src/agents/browser/mcpToolWrapper.test.js.map +1 -0
- package/dist/src/agents/browser/mcpToolWrapperConfirmation.test.d.ts +6 -0
- package/dist/src/agents/browser/mcpToolWrapperConfirmation.test.js +57 -0
- package/dist/src/agents/browser/mcpToolWrapperConfirmation.test.js.map +1 -0
- package/dist/src/agents/browser/modelAvailability.d.ts +23 -0
- package/dist/src/agents/browser/modelAvailability.js +23 -0
- package/dist/src/agents/browser/modelAvailability.js.map +1 -0
- package/dist/src/agents/local-executor.js +73 -31
- package/dist/src/agents/local-executor.js.map +1 -1
- package/dist/src/agents/local-executor.test.js +157 -4
- package/dist/src/agents/local-executor.test.js.map +1 -1
- package/dist/src/agents/local-invocation.test.js.map +1 -1
- package/dist/src/agents/registry.js +8 -0
- package/dist/src/agents/registry.js.map +1 -1
- package/dist/src/agents/registry.test.js.map +1 -1
- package/dist/src/agents/remote-invocation.d.ts +2 -1
- package/dist/src/agents/remote-invocation.js +3 -3
- package/dist/src/agents/remote-invocation.js.map +1 -1
- package/dist/src/agents/subagent-tool-wrapper.js +6 -0
- package/dist/src/agents/subagent-tool-wrapper.js.map +1 -1
- package/dist/src/agents/subagent-tool.d.ts +3 -0
- package/dist/src/agents/subagent-tool.js +62 -3
- package/dist/src/agents/subagent-tool.js.map +1 -1
- package/dist/src/agents/subagent-tool.test.js +143 -0
- package/dist/src/agents/subagent-tool.test.js.map +1 -1
- package/dist/src/availability/fallbackIntegration.test.js +4 -1
- package/dist/src/availability/fallbackIntegration.test.js.map +1 -1
- package/dist/src/availability/policyHelpers.js +3 -1
- package/dist/src/availability/policyHelpers.js.map +1 -1
- package/dist/src/availability/policyHelpers.test.js +51 -5
- package/dist/src/availability/policyHelpers.test.js.map +1 -1
- package/dist/src/code_assist/admin/admin_controls.js +1 -0
- package/dist/src/code_assist/admin/admin_controls.js.map +1 -1
- package/dist/src/code_assist/converter.js +8 -2
- package/dist/src/code_assist/converter.js.map +1 -1
- package/dist/src/code_assist/converter.test.js.map +1 -1
- package/dist/src/code_assist/experiments/experiments.js +1 -1
- package/dist/src/code_assist/experiments/experiments.js.map +1 -1
- package/dist/src/code_assist/oauth-credential-storage.js +1 -1
- package/dist/src/code_assist/oauth-credential-storage.js.map +1 -1
- package/dist/src/code_assist/oauth-credential-storage.test.js +5 -0
- package/dist/src/code_assist/oauth-credential-storage.test.js.map +1 -1
- package/dist/src/code_assist/oauth2.js +11 -8
- package/dist/src/code_assist/oauth2.js.map +1 -1
- package/dist/src/code_assist/oauth2.test.js +55 -0
- package/dist/src/code_assist/oauth2.test.js.map +1 -1
- package/dist/src/code_assist/server.js +22 -13
- package/dist/src/code_assist/server.js.map +1 -1
- package/dist/src/code_assist/server.test.js +26 -0
- package/dist/src/code_assist/server.test.js.map +1 -1
- package/dist/src/code_assist/telemetry.js +16 -3
- package/dist/src/code_assist/telemetry.js.map +1 -1
- package/dist/src/code_assist/telemetry.test.js +10 -0
- package/dist/src/code_assist/telemetry.test.js.map +1 -1
- package/dist/src/code_assist/types.d.ts +13 -12
- package/dist/src/code_assist/types.js.map +1 -1
- package/dist/src/config/config.d.ts +83 -8
- package/dist/src/config/config.js +129 -24
- package/dist/src/config/config.js.map +1 -1
- package/dist/src/config/config.test.js +298 -10
- package/dist/src/config/config.test.js.map +1 -1
- package/dist/src/config/models.js +1 -0
- package/dist/src/config/models.js.map +1 -1
- package/dist/src/config/models.test.js +1 -0
- package/dist/src/config/models.test.js.map +1 -1
- package/dist/src/config/projectRegistry.js +1 -0
- package/dist/src/config/projectRegistry.js.map +1 -1
- package/dist/src/config/storage.d.ts +17 -1
- package/dist/src/config/storage.js +82 -2
- package/dist/src/config/storage.js.map +1 -1
- package/dist/src/config/storage.test.js +149 -2
- package/dist/src/config/storage.test.js.map +1 -1
- package/dist/src/config/userHintService.d.ts +46 -0
- package/dist/src/config/userHintService.js +81 -0
- package/dist/src/config/userHintService.js.map +1 -0
- package/dist/src/config/userHintService.test.d.ts +6 -0
- package/dist/src/config/userHintService.test.js +62 -0
- package/dist/src/config/userHintService.test.js.map +1 -0
- package/dist/src/confirmation-bus/message-bus.js +15 -3
- package/dist/src/confirmation-bus/message-bus.js.map +1 -1
- package/dist/src/confirmation-bus/message-bus.test.js +15 -0
- package/dist/src/confirmation-bus/message-bus.test.js.map +1 -1
- package/dist/src/confirmation-bus/types.d.ts +7 -0
- package/dist/src/confirmation-bus/types.js.map +1 -1
- package/dist/src/core/baseLlmClient.d.ts +2 -3
- package/dist/src/core/baseLlmClient.js +7 -5
- package/dist/src/core/baseLlmClient.js.map +1 -1
- package/dist/src/core/baseLlmClient.test.js +45 -20
- package/dist/src/core/baseLlmClient.test.js.map +1 -1
- package/dist/src/core/client.js +18 -7
- package/dist/src/core/client.js.map +1 -1
- package/dist/src/core/coreToolHookTriggers.d.ts +2 -3
- package/dist/src/core/coreToolHookTriggers.js +8 -3
- package/dist/src/core/coreToolHookTriggers.js.map +1 -1
- package/dist/src/core/coreToolScheduler.js +2 -1
- package/dist/src/core/coreToolScheduler.js.map +1 -1
- package/dist/src/core/coreToolScheduler.test.js +10 -3
- package/dist/src/core/coreToolScheduler.test.js.map +1 -1
- package/dist/src/core/fakeContentGenerator.js +2 -0
- package/dist/src/core/fakeContentGenerator.js.map +1 -1
- package/dist/src/core/geminiChat.d.ts +1 -1
- package/dist/src/core/geminiChat.js +5 -5
- package/dist/src/core/geminiChat.js.map +1 -1
- package/dist/src/core/geminiChat.test.js +1 -0
- package/dist/src/core/geminiChat.test.js.map +1 -1
- package/dist/src/core/geminiChat_network_retry.test.js +1 -0
- package/dist/src/core/geminiChat_network_retry.test.js.map +1 -1
- package/dist/src/core/logger.js +2 -0
- package/dist/src/core/logger.js.map +1 -1
- package/dist/src/core/loggingContentGenerator.d.ts +14 -2
- package/dist/src/core/loggingContentGenerator.js +98 -4
- package/dist/src/core/loggingContentGenerator.js.map +1 -1
- package/dist/src/core/loggingContentGenerator.test.js +275 -1
- package/dist/src/core/loggingContentGenerator.test.js.map +1 -1
- package/dist/src/core/prompts.test.js +55 -27
- package/dist/src/core/prompts.test.js.map +1 -1
- package/dist/src/core/recordingContentGenerator.test.js +5 -0
- package/dist/src/core/recordingContentGenerator.test.js.map +1 -1
- package/dist/src/core/turn.d.ts +4 -2
- package/dist/src/core/turn.js +2 -0
- package/dist/src/core/turn.js.map +1 -1
- package/dist/src/core/turn.test.js +4 -1
- package/dist/src/core/turn.test.js.map +1 -1
- package/dist/src/generated/git-commit.d.ts +2 -2
- package/dist/src/generated/git-commit.js +2 -2
- package/dist/src/hooks/hookAggregator.d.ts +1 -2
- package/dist/src/hooks/hookAggregator.js +1 -2
- package/dist/src/hooks/hookAggregator.js.map +1 -1
- package/dist/src/hooks/hookEventHandler.d.ts +2 -2
- package/dist/src/hooks/hookEventHandler.js +13 -4
- package/dist/src/hooks/hookEventHandler.js.map +1 -1
- package/dist/src/hooks/hookEventHandler.test.js +1 -2
- package/dist/src/hooks/hookEventHandler.test.js.map +1 -1
- package/dist/src/hooks/hookPlanner.d.ts +1 -2
- package/dist/src/hooks/hookPlanner.js.map +1 -1
- package/dist/src/hooks/hookRegistry.d.ts +8 -0
- package/dist/src/hooks/hookRegistry.js +31 -3
- package/dist/src/hooks/hookRegistry.js.map +1 -1
- package/dist/src/hooks/hookRegistry.test.js.map +1 -1
- package/dist/src/hooks/hookRunner.d.ts +5 -2
- package/dist/src/hooks/hookRunner.js +52 -2
- package/dist/src/hooks/hookRunner.js.map +1 -1
- package/dist/src/hooks/hookRunner.test.js.map +1 -1
- package/dist/src/hooks/hookSystem.d.ts +11 -3
- package/dist/src/hooks/hookSystem.js +10 -4
- package/dist/src/hooks/hookSystem.js.map +1 -1
- package/dist/src/hooks/hookSystem.test.js +1 -0
- package/dist/src/hooks/hookSystem.test.js.map +1 -1
- package/dist/src/hooks/runtimeHooks.test.d.ts +6 -0
- package/dist/src/hooks/runtimeHooks.test.js +100 -0
- package/dist/src/hooks/runtimeHooks.test.js.map +1 -0
- package/dist/src/hooks/trustedHooks.js +6 -1
- package/dist/src/hooks/trustedHooks.js.map +1 -1
- package/dist/src/hooks/trustedHooks.test.js +17 -9
- package/dist/src/hooks/trustedHooks.test.js.map +1 -1
- package/dist/src/hooks/types.d.ts +49 -8
- package/dist/src/hooks/types.js +20 -1
- package/dist/src/hooks/types.js.map +1 -1
- package/dist/src/ide/detect-ide.d.ts +0 -1
- package/dist/src/ide/detect-ide.js +1 -1
- package/dist/src/ide/detect-ide.js.map +1 -1
- package/dist/src/ide/ide-client.js +3 -2
- package/dist/src/ide/ide-client.js.map +1 -1
- package/dist/src/ide/ide-connection-utils.js +90 -14
- package/dist/src/ide/ide-connection-utils.js.map +1 -1
- package/dist/src/ide/ide-connection-utils.test.js +78 -0
- package/dist/src/ide/ide-connection-utils.test.js.map +1 -1
- package/dist/src/ide/ide-installer.test.js +1 -2
- package/dist/src/ide/ide-installer.test.js.map +1 -1
- package/dist/src/ide/process-utils.d.ts +7 -0
- package/dist/src/ide/process-utils.js +20 -0
- package/dist/src/ide/process-utils.js.map +1 -1
- package/dist/src/ide/process-utils.test.js +30 -0
- package/dist/src/ide/process-utils.test.js.map +1 -1
- package/dist/src/index.d.ts +6 -1
- package/dist/src/index.js +6 -1
- package/dist/src/index.js.map +1 -1
- package/dist/src/mcp/oauth-provider.d.ts +1 -1
- package/dist/src/mcp/oauth-provider.js +8 -7
- package/dist/src/mcp/oauth-provider.js.map +1 -1
- package/dist/src/mcp/oauth-provider.test.js +34 -2
- package/dist/src/mcp/oauth-provider.test.js.map +1 -1
- package/dist/src/mcp/oauth-utils.js +2 -0
- package/dist/src/mcp/oauth-utils.js.map +1 -1
- package/dist/src/mcp/oauth-utils.test.js +12 -0
- package/dist/src/mcp/oauth-utils.test.js.map +1 -1
- package/dist/src/mcp/token-storage/file-token-storage.js +4 -1
- package/dist/src/mcp/token-storage/file-token-storage.js.map +1 -1
- package/dist/src/mcp/token-storage/file-token-storage.test.js +40 -2
- package/dist/src/mcp/token-storage/file-token-storage.test.js.map +1 -1
- package/dist/src/mcp/token-storage/keychain-token-storage.js +2 -0
- package/dist/src/mcp/token-storage/keychain-token-storage.js.map +1 -1
- package/dist/src/policy/config.d.ts +18 -9
- package/dist/src/policy/config.js +75 -54
- package/dist/src/policy/config.js.map +1 -1
- package/dist/src/policy/config.test.js +26 -26
- package/dist/src/policy/integrity.d.ts +45 -0
- package/dist/src/policy/integrity.js +121 -0
- package/dist/src/policy/integrity.js.map +1 -0
- package/dist/src/policy/integrity.test.d.ts +6 -0
- package/dist/src/policy/integrity.test.js +132 -0
- package/dist/src/policy/integrity.test.js.map +1 -0
- package/dist/src/policy/persistence.test.js +29 -19
- package/dist/src/policy/persistence.test.js.map +1 -1
- package/dist/src/policy/policies/conseca.toml +6 -0
- package/dist/src/policy/policies/plan.toml +28 -12
- package/dist/src/policy/policies/read-only.toml +11 -10
- package/dist/src/policy/policies/write.toml +11 -10
- package/dist/src/policy/policies/yolo.toml +11 -10
- package/dist/src/policy/policy-engine.d.ts +16 -3
- package/dist/src/policy/policy-engine.js +154 -29
- package/dist/src/policy/policy-engine.js.map +1 -1
- package/dist/src/policy/policy-engine.test.js +480 -9
- package/dist/src/policy/policy-engine.test.js.map +1 -1
- package/dist/src/policy/policy-updater.test.js +11 -6
- package/dist/src/policy/policy-updater.test.js.map +1 -1
- package/dist/src/policy/toml-loader.d.ts +13 -2
- package/dist/src/policy/toml-loader.js +55 -34
- package/dist/src/policy/toml-loader.js.map +1 -1
- package/dist/src/policy/toml-loader.test.js +115 -7
- package/dist/src/policy/toml-loader.test.js.map +1 -1
- package/dist/src/policy/types.d.ts +18 -1
- package/dist/src/policy/types.js +1 -0
- package/dist/src/policy/types.js.map +1 -1
- package/dist/src/policy/workspace-policy.test.d.ts +6 -0
- package/dist/src/policy/workspace-policy.test.js +231 -0
- package/dist/src/policy/workspace-policy.test.js.map +1 -0
- package/dist/src/prompts/promptProvider.js +11 -13
- package/dist/src/prompts/promptProvider.js.map +1 -1
- package/dist/src/prompts/promptProvider.test.js +64 -3
- package/dist/src/prompts/promptProvider.test.js.map +1 -1
- package/dist/src/prompts/snippets.js +41 -10
- package/dist/src/prompts/snippets.js.map +1 -1
- package/dist/src/prompts/snippets.legacy.js +1 -0
- package/dist/src/prompts/snippets.legacy.js.map +1 -1
- package/dist/src/routing/modelRouterService.js +3 -1
- package/dist/src/routing/modelRouterService.js.map +1 -1
- package/dist/src/routing/modelRouterService.test.js +12 -6
- package/dist/src/routing/modelRouterService.test.js.map +1 -1
- package/dist/src/routing/strategies/approvalModeStrategy.d.ts +18 -0
- package/dist/src/routing/strategies/approvalModeStrategy.js +58 -0
- package/dist/src/routing/strategies/approvalModeStrategy.js.map +1 -0
- package/dist/src/routing/strategies/approvalModeStrategy.test.d.ts +6 -0
- package/dist/src/routing/strategies/approvalModeStrategy.test.js +110 -0
- package/dist/src/routing/strategies/approvalModeStrategy.test.js.map +1 -0
- package/dist/src/safety/checker-runner.js +1 -0
- package/dist/src/safety/checker-runner.js.map +1 -1
- package/dist/src/safety/conseca/conseca.d.ts +31 -0
- package/dist/src/safety/conseca/conseca.js +105 -0
- package/dist/src/safety/conseca/conseca.js.map +1 -0
- package/dist/src/safety/conseca/conseca.test.d.ts +6 -0
- package/dist/src/safety/conseca/conseca.test.js +226 -0
- package/dist/src/safety/conseca/conseca.test.js.map +1 -0
- package/dist/src/safety/conseca/integration.test.d.ts +6 -0
- package/dist/src/safety/conseca/integration.test.js +19 -0
- package/dist/src/safety/conseca/integration.test.js.map +1 -0
- package/dist/src/safety/conseca/policy-enforcer.d.ts +13 -0
- package/dist/src/safety/conseca/policy-enforcer.js +135 -0
- package/dist/src/safety/conseca/policy-enforcer.js.map +1 -0
- package/dist/src/safety/conseca/policy-enforcer.test.d.ts +6 -0
- package/dist/src/safety/conseca/policy-enforcer.test.js +141 -0
- package/dist/src/safety/conseca/policy-enforcer.test.js.map +1 -0
- package/dist/src/safety/conseca/policy-generator.d.ts +15 -0
- package/dist/src/safety/conseca/policy-generator.js +144 -0
- package/dist/src/safety/conseca/policy-generator.js.map +1 -0
- package/dist/src/safety/conseca/policy-generator.test.d.ts +6 -0
- package/dist/src/safety/conseca/policy-generator.test.js +84 -0
- package/dist/src/safety/conseca/policy-generator.test.js.map +1 -0
- package/dist/src/safety/conseca/types.d.ts +15 -0
- package/dist/src/safety/conseca/types.js +7 -0
- package/dist/src/safety/conseca/types.js.map +1 -0
- package/dist/src/safety/context-builder.d.ts +3 -3
- package/dist/src/safety/context-builder.js +60 -4
- package/dist/src/safety/context-builder.js.map +1 -1
- package/dist/src/safety/context-builder.test.js +98 -18
- package/dist/src/safety/context-builder.test.js.map +1 -1
- package/dist/src/safety/protocol.d.ts +4 -0
- package/dist/src/safety/registry.d.ts +2 -1
- package/dist/src/safety/registry.js +14 -4
- package/dist/src/safety/registry.js.map +1 -1
- package/dist/src/safety/registry.test.js +5 -2
- package/dist/src/safety/registry.test.js.map +1 -1
- package/dist/src/scheduler/confirmation.d.ts +0 -13
- package/dist/src/scheduler/confirmation.js +1 -1
- package/dist/src/scheduler/confirmation.js.map +1 -1
- package/dist/src/scheduler/policy.js +6 -2
- package/dist/src/scheduler/policy.js.map +1 -1
- package/dist/src/scheduler/policy.test.js +4 -3
- package/dist/src/scheduler/policy.test.js.map +1 -1
- package/dist/src/scheduler/scheduler.d.ts +3 -1
- package/dist/src/scheduler/scheduler.js +148 -28
- package/dist/src/scheduler/scheduler.js.map +1 -1
- package/dist/src/scheduler/scheduler.test.js +341 -242
- package/dist/src/scheduler/scheduler.test.js.map +1 -1
- package/dist/src/scheduler/scheduler_parallel.test.d.ts +6 -0
- package/dist/src/scheduler/scheduler_parallel.test.js +309 -0
- package/dist/src/scheduler/scheduler_parallel.test.js.map +1 -0
- package/dist/src/scheduler/state-manager.d.ts +8 -0
- package/dist/src/scheduler/state-manager.js +30 -2
- package/dist/src/scheduler/state-manager.js.map +1 -1
- package/dist/src/scheduler/state-manager.test.js +61 -0
- package/dist/src/scheduler/state-manager.test.js.map +1 -1
- package/dist/src/scheduler/tool-executor.js +15 -7
- package/dist/src/scheduler/tool-executor.js.map +1 -1
- package/dist/src/scheduler/tool-executor.test.js +1 -1
- package/dist/src/scheduler/tool-executor.test.js.map +1 -1
- package/dist/src/scheduler/types.d.ts +23 -0
- package/dist/src/services/FolderTrustDiscoveryService.d.ts +32 -0
- package/dist/src/services/FolderTrustDiscoveryService.js +167 -0
- package/dist/src/services/FolderTrustDiscoveryService.js.map +1 -0
- package/dist/src/services/FolderTrustDiscoveryService.test.d.ts +6 -0
- package/dist/src/services/FolderTrustDiscoveryService.test.js +118 -0
- package/dist/src/services/FolderTrustDiscoveryService.test.js.map +1 -0
- package/dist/src/services/chatCompressionService.d.ts +0 -14
- package/dist/src/services/chatCompressionService.js +29 -7
- package/dist/src/services/chatCompressionService.js.map +1 -1
- package/dist/src/services/chatCompressionService.test.js +3 -1
- package/dist/src/services/chatCompressionService.test.js.map +1 -1
- package/dist/src/services/chatRecordingService.d.ts +7 -1
- package/dist/src/services/chatRecordingService.js +12 -1
- package/dist/src/services/chatRecordingService.js.map +1 -1
- package/dist/src/services/chatRecordingService.test.js +34 -0
- package/dist/src/services/chatRecordingService.test.js.map +1 -1
- package/dist/src/services/loopDetectionService.js +1 -2
- package/dist/src/services/loopDetectionService.js.map +1 -1
- package/dist/src/services/sessionSummaryUtils.js +3 -0
- package/dist/src/services/sessionSummaryUtils.js.map +1 -1
- package/dist/src/services/shellExecutionService.js +6 -0
- package/dist/src/services/shellExecutionService.js.map +1 -1
- package/dist/src/skills/skillLoader.js +2 -2
- package/dist/src/skills/skillLoader.js.map +1 -1
- package/dist/src/telemetry/clearcut-logger/clearcut-logger.d.ts +3 -1
- package/dist/src/telemetry/clearcut-logger/clearcut-logger.js +35 -4
- package/dist/src/telemetry/clearcut-logger/clearcut-logger.js.map +1 -1
- package/dist/src/telemetry/clearcut-logger/clearcut-logger.test.d.ts +0 -1
- package/dist/src/telemetry/clearcut-logger/clearcut-logger.test.js +19 -5
- package/dist/src/telemetry/clearcut-logger/clearcut-logger.test.js.map +1 -1
- package/dist/src/telemetry/clearcut-logger/event-metadata-key.d.ts +14 -1
- package/dist/src/telemetry/clearcut-logger/event-metadata-key.js +29 -1
- package/dist/src/telemetry/clearcut-logger/event-metadata-key.js.map +1 -1
- package/dist/src/telemetry/conseca-logger.d.ts +9 -0
- package/dist/src/telemetry/conseca-logger.js +91 -0
- package/dist/src/telemetry/conseca-logger.js.map +1 -0
- package/dist/src/telemetry/conseca-logger.test.d.ts +6 -0
- package/dist/src/telemetry/conseca-logger.test.js +89 -0
- package/dist/src/telemetry/conseca-logger.test.js.map +1 -0
- package/dist/src/telemetry/gcp-exporters.js +1 -2
- package/dist/src/telemetry/gcp-exporters.js.map +1 -1
- package/dist/src/telemetry/index.d.ts +2 -1
- package/dist/src/telemetry/index.js +2 -1
- package/dist/src/telemetry/index.js.map +1 -1
- package/dist/src/telemetry/integration.test.circular.js +3 -0
- package/dist/src/telemetry/integration.test.circular.js.map +1 -1
- package/dist/src/telemetry/loggers.d.ts +1 -2
- package/dist/src/telemetry/loggers.js +3 -13
- package/dist/src/telemetry/loggers.js.map +1 -1
- package/dist/src/telemetry/loggers.test.circular.js +3 -0
- package/dist/src/telemetry/loggers.test.circular.js.map +1 -1
- package/dist/src/telemetry/loggers.test.js +6 -5
- package/dist/src/telemetry/loggers.test.js.map +1 -1
- package/dist/src/telemetry/metrics.d.ts +1 -3
- package/dist/src/telemetry/metrics.js +3 -2
- package/dist/src/telemetry/metrics.js.map +1 -1
- package/dist/src/telemetry/metrics.test.js +7 -3
- package/dist/src/telemetry/metrics.test.js.map +1 -1
- package/dist/src/telemetry/sanitize.test.js +19 -18
- package/dist/src/telemetry/sanitize.test.js.map +1 -1
- package/dist/src/telemetry/semantic.d.ts +7 -9
- package/dist/src/telemetry/semantic.js +8 -8
- package/dist/src/telemetry/semantic.js.map +1 -1
- package/dist/src/telemetry/types.d.ts +42 -4
- package/dist/src/telemetry/types.js +87 -2
- package/dist/src/telemetry/types.js.map +1 -1
- package/dist/src/telemetry/uiTelemetry.d.ts +1 -2
- package/dist/src/telemetry/uiTelemetry.js.map +1 -1
- package/dist/src/telemetry/uiTelemetry.test.js +1 -2
- package/dist/src/telemetry/uiTelemetry.test.js.map +1 -1
- package/dist/src/tools/ask-user.test.js +1 -19
- package/dist/src/tools/ask-user.test.js.map +1 -1
- package/dist/src/tools/confirmation-policy.test.js +14 -17
- package/dist/src/tools/confirmation-policy.test.js.map +1 -1
- package/dist/src/tools/definitions/dynamic-declaration-helpers.js +1 -1
- package/dist/src/tools/definitions/dynamic-declaration-helpers.js.map +1 -1
- package/dist/src/tools/definitions/model-family-sets/default-legacy.js +14 -16
- package/dist/src/tools/definitions/model-family-sets/default-legacy.js.map +1 -1
- package/dist/src/tools/definitions/model-family-sets/gemini-3.js +24 -59
- package/dist/src/tools/definitions/model-family-sets/gemini-3.js.map +1 -1
- package/dist/src/tools/diff-utils.d.ts +9 -0
- package/dist/src/tools/diff-utils.js +66 -0
- package/dist/src/tools/diff-utils.js.map +1 -0
- package/dist/src/tools/diff-utils.test.d.ts +6 -0
- package/dist/src/tools/diff-utils.test.js +53 -0
- package/dist/src/tools/diff-utils.test.js.map +1 -0
- package/dist/src/tools/edit.d.ts +9 -4
- package/dist/src/tools/edit.js +203 -34
- package/dist/src/tools/edit.js.map +1 -1
- package/dist/src/tools/edit.test.js +225 -10
- package/dist/src/tools/edit.test.js.map +1 -1
- package/dist/src/tools/enter-plan-mode.js +1 -1
- package/dist/src/tools/enter-plan-mode.js.map +1 -1
- package/dist/src/tools/enter-plan-mode.test.js +1 -1
- package/dist/src/tools/enter-plan-mode.test.js.map +1 -1
- package/dist/src/tools/exit-plan-mode.js +10 -24
- package/dist/src/tools/exit-plan-mode.js.map +1 -1
- package/dist/src/tools/exit-plan-mode.test.js +1 -1
- package/dist/src/tools/exit-plan-mode.test.js.map +1 -1
- package/dist/src/tools/grep-utils.d.ts +49 -0
- package/dist/src/tools/grep-utils.js +139 -0
- package/dist/src/tools/grep-utils.js.map +1 -0
- package/dist/src/tools/grep.js +4 -44
- package/dist/src/tools/grep.js.map +1 -1
- package/dist/src/tools/grep.test.js +21 -2
- package/dist/src/tools/grep.test.js.map +1 -1
- package/dist/src/tools/ls.js +6 -1
- package/dist/src/tools/ls.js.map +1 -1
- package/dist/src/tools/ls.test.js +2 -2
- package/dist/src/tools/ls.test.js.map +1 -1
- package/dist/src/tools/mcp-client-manager.js +16 -18
- package/dist/src/tools/mcp-client-manager.js.map +1 -1
- package/dist/src/tools/mcp-client-manager.test.js +51 -0
- package/dist/src/tools/mcp-client-manager.test.js.map +1 -1
- package/dist/src/tools/mcp-client.d.ts +22 -1
- package/dist/src/tools/mcp-client.js +95 -36
- package/dist/src/tools/mcp-client.js.map +1 -1
- package/dist/src/tools/mcp-client.test.js +148 -20
- package/dist/src/tools/mcp-client.test.js.map +1 -1
- package/dist/src/tools/mcp-tool.d.ts +15 -5
- package/dist/src/tools/mcp-tool.js +36 -8
- package/dist/src/tools/mcp-tool.js.map +1 -1
- package/dist/src/tools/memoryTool.js +1 -1
- package/dist/src/tools/memoryTool.js.map +1 -1
- package/dist/src/tools/memoryTool.test.js +5 -0
- package/dist/src/tools/memoryTool.test.js.map +1 -1
- package/dist/src/tools/omissionPlaceholderDetector.d.ts +15 -0
- package/dist/src/tools/omissionPlaceholderDetector.js +90 -0
- package/dist/src/tools/omissionPlaceholderDetector.js.map +1 -0
- package/dist/src/tools/omissionPlaceholderDetector.test.d.ts +6 -0
- package/dist/src/tools/omissionPlaceholderDetector.test.js +49 -0
- package/dist/src/tools/omissionPlaceholderDetector.test.js.map +1 -0
- package/dist/src/tools/read-file.d.ts +4 -4
- package/dist/src/tools/read-file.js +17 -10
- package/dist/src/tools/read-file.js.map +1 -1
- package/dist/src/tools/read-file.test.js +20 -10
- package/dist/src/tools/read-file.test.js.map +1 -1
- package/dist/src/tools/ripGrep.js +49 -46
- package/dist/src/tools/ripGrep.js.map +1 -1
- package/dist/src/tools/ripGrep.test.js +52 -37
- package/dist/src/tools/ripGrep.test.js.map +1 -1
- package/dist/src/tools/shell.d.ts +2 -2
- package/dist/src/tools/shell.js +2 -2
- package/dist/src/tools/shell.js.map +1 -1
- package/dist/src/tools/shell.test.js +1 -2
- package/dist/src/tools/shell.test.js.map +1 -1
- package/dist/src/tools/tool-names.d.ts +0 -6
- package/dist/src/tools/tool-names.js +0 -15
- package/dist/src/tools/tool-names.js.map +1 -1
- package/dist/src/tools/tool-registry.d.ts +1 -0
- package/dist/src/tools/tool-registry.js +33 -6
- package/dist/src/tools/tool-registry.js.map +1 -1
- package/dist/src/tools/tool-registry.test.js +47 -0
- package/dist/src/tools/tool-registry.test.js.map +1 -1
- package/dist/src/tools/tools.d.ts +21 -1
- package/dist/src/tools/tools.js +19 -3
- package/dist/src/tools/tools.js.map +1 -1
- package/dist/src/tools/tools.test.js +24 -0
- package/dist/src/tools/tools.test.js.map +1 -1
- package/dist/src/tools/web-fetch.d.ts +9 -1
- package/dist/src/tools/web-fetch.js +273 -34
- package/dist/src/tools/web-fetch.js.map +1 -1
- package/dist/src/tools/web-fetch.test.js +303 -30
- package/dist/src/tools/web-fetch.test.js.map +1 -1
- package/dist/src/tools/write-file.js +14 -10
- package/dist/src/tools/write-file.js.map +1 -1
- package/dist/src/tools/write-file.test.js +75 -0
- package/dist/src/tools/write-file.test.js.map +1 -1
- package/dist/src/tools/write-todos.d.ts +2 -2
- package/dist/src/tools/write-todos.js +1 -1
- package/dist/src/tools/write-todos.js.map +1 -1
- package/dist/src/tools/xcode-mcp-fix-transport.js +4 -1
- package/dist/src/tools/xcode-mcp-fix-transport.js.map +1 -1
- package/dist/src/utils/approvalModeUtils.d.ts +14 -0
- package/dist/src/utils/approvalModeUtils.js +35 -0
- package/dist/src/utils/approvalModeUtils.js.map +1 -0
- package/dist/src/utils/approvalModeUtils.test.d.ts +6 -0
- package/dist/src/utils/approvalModeUtils.test.js +36 -0
- package/dist/src/utils/approvalModeUtils.test.js.map +1 -0
- package/dist/src/utils/authConsent.d.ts +1 -1
- package/dist/src/utils/authConsent.js +10 -8
- package/dist/src/utils/authConsent.js.map +1 -1
- package/dist/src/utils/authConsent.test.js +89 -44
- package/dist/src/utils/authConsent.test.js.map +1 -1
- package/dist/src/utils/compatibility.d.ts +41 -0
- package/dist/src/utils/compatibility.js +112 -0
- package/dist/src/utils/compatibility.js.map +1 -0
- package/dist/src/utils/compatibility.test.d.ts +6 -0
- package/dist/src/utils/compatibility.test.js +233 -0
- package/dist/src/utils/compatibility.test.js.map +1 -0
- package/dist/src/utils/editCorrector.js +22 -29
- package/dist/src/utils/editCorrector.js.map +1 -1
- package/dist/src/utils/editCorrector.test.js.map +1 -1
- package/dist/src/utils/envExpansion.d.ts +18 -0
- package/dist/src/utils/envExpansion.js +46 -0
- package/dist/src/utils/envExpansion.js.map +1 -0
- package/dist/src/utils/envExpansion.test.d.ts +6 -0
- package/dist/src/utils/envExpansion.test.js +110 -0
- package/dist/src/utils/envExpansion.test.js.map +1 -0
- package/dist/src/utils/errors.d.ts +1 -0
- package/dist/src/utils/errors.js +55 -10
- package/dist/src/utils/errors.js.map +1 -1
- package/dist/src/utils/errors.test.js +27 -1
- package/dist/src/utils/errors.test.js.map +1 -1
- package/dist/src/utils/events.d.ts +17 -0
- package/dist/src/utils/events.js +12 -0
- package/dist/src/utils/events.js.map +1 -1
- package/dist/src/utils/events.test.d.ts +1 -1
- package/dist/src/utils/events.test.js +50 -3
- package/dist/src/utils/events.test.js.map +1 -1
- package/dist/src/utils/fastAckHelper.js +2 -1
- package/dist/src/utils/fastAckHelper.js.map +1 -1
- package/dist/src/utils/fetch.d.ts +1 -1
- package/dist/src/utils/fetch.js +15 -2
- package/dist/src/utils/fetch.js.map +1 -1
- package/dist/src/utils/fileDiffUtils.d.ts +2 -2
- package/dist/src/utils/fileDiffUtils.js +1 -2
- package/dist/src/utils/fileDiffUtils.js.map +1 -1
- package/dist/src/utils/fileUtils.d.ts +5 -3
- package/dist/src/utils/fileUtils.js +25 -16
- package/dist/src/utils/fileUtils.js.map +1 -1
- package/dist/src/utils/fileUtils.test.js +14 -13
- package/dist/src/utils/fileUtils.test.js.map +1 -1
- package/dist/src/utils/filesearch/fileSearch.js +4 -1
- package/dist/src/utils/filesearch/fileSearch.js.map +1 -1
- package/dist/src/utils/getFolderStructure.test.js +4 -5
- package/dist/src/utils/getFolderStructure.test.js.map +1 -1
- package/dist/src/utils/getPty.js +4 -0
- package/dist/src/utils/getPty.js.map +1 -1
- package/dist/src/utils/googleErrors.js +29 -5
- package/dist/src/utils/googleErrors.js.map +1 -1
- package/dist/src/utils/googleQuotaErrors.js +10 -0
- package/dist/src/utils/googleQuotaErrors.js.map +1 -1
- package/dist/src/utils/googleQuotaErrors.test.js +16 -1
- package/dist/src/utils/googleQuotaErrors.test.js.map +1 -1
- package/dist/src/utils/memoryDiscovery.js +2 -0
- package/dist/src/utils/memoryDiscovery.js.map +1 -1
- package/dist/src/utils/memoryDiscovery.test.js +1 -2
- package/dist/src/utils/memoryDiscovery.test.js.map +1 -1
- package/dist/src/utils/retry.d.ts +1 -1
- package/dist/src/utils/retry.js +9 -4
- package/dist/src/utils/retry.js.map +1 -1
- package/dist/src/utils/retry.test.js +15 -12
- package/dist/src/utils/retry.test.js.map +1 -1
- package/dist/src/utils/safeJsonStringify.js +3 -0
- package/dist/src/utils/safeJsonStringify.js.map +1 -1
- package/dist/src/utils/schemaValidator.js +5 -3
- package/dist/src/utils/schemaValidator.js.map +1 -1
- package/dist/src/utils/session.d.ts +1 -0
- package/dist/src/utils/session.js +3 -0
- package/dist/src/utils/session.js.map +1 -1
- package/dist/src/utils/sessionUtils.d.ts +14 -0
- package/dist/src/utils/sessionUtils.js +113 -0
- package/dist/src/utils/sessionUtils.js.map +1 -0
- package/dist/src/utils/sessionUtils.test.d.ts +1 -0
- package/dist/src/utils/sessionUtils.test.js +137 -0
- package/dist/src/utils/sessionUtils.test.js.map +1 -0
- package/dist/src/utils/shell-utils.js +1 -0
- package/dist/src/utils/shell-utils.js.map +1 -1
- package/dist/src/utils/stdio.js +6 -0
- package/dist/src/utils/stdio.js.map +1 -1
- package/dist/src/utils/textUtils.d.ts +9 -0
- package/dist/src/utils/textUtils.js +15 -0
- package/dist/src/utils/textUtils.js.map +1 -1
- package/dist/src/utils/textUtils.test.js +42 -1
- package/dist/src/utils/textUtils.test.js.map +1 -1
- package/dist/src/utils/toolCallContext.d.ts +0 -5
- package/dist/src/utils/toolCallContext.js +1 -1
- package/dist/src/utils/toolCallContext.js.map +1 -1
- package/dist/src/utils/userAccountManager.js +3 -0
- package/dist/src/utils/userAccountManager.js.map +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/package.json +6 -3
- package/dist/docs/architecture.md +0 -80
- package/dist/docs/cli/index.md +0 -123
- package/dist/docs/core/concepts.md +0 -137
- package/dist/docs/get-started/configuration-v1.md +0 -882
- package/dist/google-gemini-cli-core-0.30.0-preview.4.tgz +0 -0
- /package/dist/docs/{core → reference}/memport.md +0 -0
- /package/dist/docs/{core → reference}/tools-api.md +0 -0
- /package/dist/docs/{cli → resources}/uninstall.md +0 -0
|
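--- a/integrity.js
+++ b/integrity.js
@@ -0,0 +1,121 @@
+/**
+* @license
+* Copyright 2026 Google LLC
+* SPDX-License-Identifier: Apache-2.0
+*/
+import * as crypto from 'node:crypto';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import { Storage } from '../config/storage.js';
+import { readPolicyFiles } from './toml-loader.js';
+import { debugLogger } from '../utils/debugLogger.js';
+import { isNodeError } from '../utils/errors.js';
+export var IntegrityStatus;
+(function (IntegrityStatus) {
+IntegrityStatus["MATCH"] = "MATCH";
+IntegrityStatus["MISMATCH"] = "MISMATCH";
+IntegrityStatus["NEW"] = "NEW";
+})(IntegrityStatus || (IntegrityStatus = {}));
+export class PolicyIntegrityManager {
+/**
+* Checks the integrity of policies in a given directory against the stored hash.
+*
+* @param scope The scope of the policy (e.g., 'project', 'user').
+* @param identifier A unique identifier for the policy scope (e.g., project path).
+* @param policyDir The directory containing the policy files.
+* @returns IntegrityResult indicating if the current policies match the stored hash.
+*/
+async checkIntegrity(scope, identifier, policyDir) {
+const { hash: currentHash, fileCount } = await PolicyIntegrityManager.calculateIntegrityHash(policyDir);
+const storedData = await this.loadIntegrityData();
+const key = this.getIntegrityKey(scope, identifier);
+const storedHash = storedData[key];
+if (!storedHash) {
+return { status: IntegrityStatus.NEW, hash: currentHash, fileCount };
+}
+if (storedHash === currentHash) {
+return { status: IntegrityStatus.MATCH, hash: currentHash, fileCount };
+}
+return { status: IntegrityStatus.MISMATCH, hash: currentHash, fileCount };
+}
+/**
+* Accepts and persists the current integrity hash for a given policy scope.
+*
+* @param scope The scope of the policy.
+* @param identifier A unique identifier for the policy scope (e.g., project path).
+* @param hash The hash to persist.
+*/
+async acceptIntegrity(scope, identifier, hash) {
+const storedData = await this.loadIntegrityData();
+const key = this.getIntegrityKey(scope, identifier);
+storedData[key] = hash;
+await this.saveIntegrityData(storedData);
+}
+/**
+* Calculates a SHA-256 hash of all policy files in the directory.
+* The hash includes the relative file path and content to detect renames and modifications.
+*
+* @param policyDir The directory containing the policy files.
+* @returns The calculated hash and file count
+*/
+static async calculateIntegrityHash(policyDir) {
+try {
+const files = await readPolicyFiles(policyDir);
+// Sort files by path to ensure deterministic hashing
+files.sort((a, b) => a.path.localeCompare(b.path));
+const hash = crypto.createHash('sha256');
+for (const file of files) {
+const relativePath = path.relative(policyDir, file.path);
+// Include relative path and content in the hash
+hash.update(relativePath);
+hash.update('\0'); // Separator
+hash.update(file.content);
+hash.update('\0'); // Separator
+}
+return { hash: hash.digest('hex'), fileCount: files.length };
+}
+catch (error) {
+debugLogger.error('Failed to calculate policy integrity hash', error);
+// Return a unique hash (random) to force a mismatch if calculation fails?
+// Or throw? Throwing is better so we don't accidentally accept/deny corrupted state.
+throw error;
+}
+}
+getIntegrityKey(scope, identifier) {
+return `${scope}:${identifier}`;
+}
+async loadIntegrityData() {
+const storagePath = Storage.getPolicyIntegrityStoragePath();
+try {
+const content = await fs.readFile(storagePath, 'utf-8');
+const parsed = JSON.parse(content);
+if (typeof parsed === 'object' &&
+parsed !== null &&
+Object.values(parsed).every((v) => typeof v === 'string')) {
+// eslint-disable-next-line @typescript-eslint/no-unsafe-type-assertion
+return parsed;
+}
+debugLogger.warn('Invalid policy integrity data format');
+return {};
+}
+catch (error) {
+if (isNodeError(error) && error.code === 'ENOENT') {
+return {};
+}
+debugLogger.error('Failed to load policy integrity data', error);
+return {};
+}
+}
+async saveIntegrityData(data) {
+const storagePath = Storage.getPolicyIntegrityStoragePath();
+try {
+await fs.mkdir(path.dirname(storagePath), { recursive: true });
+await fs.writeFile(storagePath, JSON.stringify(data, null, 2), 'utf-8');
+}
+catch (error) {
+debugLogger.error('Failed to save policy integrity data', error);
+throw error;
+}
+}
+}
+//# sourceMappingURL=integrity.js.map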
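Review bot: `loadIntegrityData` returns `{}` for every failure, not only a missing file, so an unreadable or malformed integrity store makes `checkIntegrity` report `NEW` where a recorded hash may have existed. A later `acceptIntegrity` then writes back a store holding only the one new key, dropping every other recorded hash. `calculateIntegrityHash` already rethrows, with the comment that throwing avoids accepting corrupted state, and the loader should do the same for anything other than `ENOENT`: end the catch with `throw error;` instead of `return {};`, and handle the 'Invalid policy integrity data format' branch the same way. The `typeof parsed === 'object'` check also accepts arrays, so adding `!Array.isArray(parsed)` would tighten it. How callers treat `NEW` versus `MISMATCH` is not visible here, so the effect on user prompting is inferred.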
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"integrity.js","sourceRoot":"","sources":["../../../src/policy/integrity.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,MAAM,CAAN,IAAY,eAIX;AAJD,WAAY,eAAe;IACzB,kCAAe,CAAA;IACf,wCAAqB,CAAA;IACrB,8BAAW,CAAA;AACb,CAAC,EAJW,eAAe,KAAf,eAAe,QAI1B;AAYD,MAAM,OAAO,sBAAsB;IACjC;;;;;;;OAOG;IACH,KAAK,CAAC,cAAc,CAClB,KAAa,EACb,UAAkB,EAClB,SAAiB;QAEjB,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,GACpC,MAAM,sBAAsB,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;QACjE,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAClD,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QACpD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QAEnC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAE,MAAM,EAAE,eAAe,CAAC,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;QACvE,CAAC;QAED,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;YAC/B,OAAO,EAAE,MAAM,EAAE,eAAe,CAAC,KAAK,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;QACzE,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,eAAe,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;IAC5E,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,eAAe,CACnB,KAAa,EACb,UAAkB,EAClB,IAAY;QAEZ,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAClD,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QACpD,UAAU,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QACvB,MAAM,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,KAAK,CAAC,sBAAsB,CACzC,SAAiB;QAEjB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,SAAS,CAAC,CAAC;YAE/C,qDAAqD;YACrD,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;YAEnD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;YAEzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBACzD,gDAAgD;gBAChD,IAAI,CAAC,MAAM,CAAC,YA
AY,CAAC,CAAC;gBAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,YAAY;gBAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,YAAY;YACjC,CAAC;YAED,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;QAC/D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,WAAW,CAAC,KAAK,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;YACtE,0EAA0E;YAC1E,qFAAqF;YACrF,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,KAAa,EAAE,UAAkB;QACvD,OAAO,GAAG,KAAK,IAAI,UAAU,EAAE,CAAC;IAClC,CAAC;IAEO,KAAK,CAAC,iBAAiB;QAC7B,MAAM,WAAW,GAAG,OAAO,CAAC,6BAA6B,EAAE,CAAC;QAC5D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;YACxD,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC5C,IACE,OAAO,MAAM,KAAK,QAAQ;gBAC1B,MAAM,KAAK,IAAI;gBACf,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EACzD,CAAC;gBACD,uEAAuE;gBACvE,OAAO,MAA6B,CAAC;YACvC,CAAC;YACD,WAAW,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD,OAAO,EAAE,CAAC;QACZ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,WAAW,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAClD,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,WAAW,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;YACjE,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,IAAyB;QACvD,MAAM,WAAW,GAAG,OAAO,CAAC,6BAA6B,EAAE,CAAC;QAC5D,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/D,MAAM,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAC1E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,WAAW,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;YACjE,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF"}
|
|
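--- a/integrity.test.js
+++ b/integrity.test.js
@@ -0,0 +1,132 @@
+/**
+* @license
+* Copyright 2026 Google LLC
+* SPDX-License-Identifier: Apache-2.0
+*/
+import { describe, it, expect, vi, afterEach, beforeEach } from 'vitest';
+import { PolicyIntegrityManager, IntegrityStatus } from './integrity.js';
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { Storage } from '../config/storage.js';
+describe('PolicyIntegrityManager', () => {
+let integrityManager;
+let tempDir;
+let integrityStoragePath;
+beforeEach(async () => {
+tempDir = await fs.mkdtemp(path.join(os.tmpdir(), 'gemini-cli-test-'));
+integrityStoragePath = path.join(tempDir, 'policy_integrity.json');
+vi.spyOn(Storage, 'getPolicyIntegrityStoragePath').mockReturnValue(integrityStoragePath);
+integrityManager = new PolicyIntegrityManager();
+});
+afterEach(async () => {
+await fs.rm(tempDir, { recursive: true, force: true });
+vi.restoreAllMocks();
+});
+describe('checkIntegrity', () => {
+it('should return NEW if no stored hash', async () => {
+const policyDir = path.join(tempDir, 'policies');
+await fs.mkdir(policyDir);
+await fs.writeFile(path.join(policyDir, 'a.toml'), 'contentA');
+const result = await integrityManager.checkIntegrity('workspace', 'id', policyDir);
+expect(result.status).toBe(IntegrityStatus.NEW);
+expect(result.hash).toBeDefined();
+expect(result.hash).toHaveLength(64);
+expect(result.fileCount).toBe(1);
+});
+it('should return MATCH if stored hash matches', async () => {
+const policyDir = path.join(tempDir, 'policies');
+await fs.mkdir(policyDir);
+await fs.writeFile(path.join(policyDir, 'a.toml'), 'contentA');
+// First run to get the hash
+const resultNew = await integrityManager.checkIntegrity('workspace', 'id', policyDir);
+const currentHash = resultNew.hash;
+// Save the hash to mock storage
+await fs.writeFile(integrityStoragePath, JSON.stringify({ 'workspace:id': currentHash }));
+const result = await integrityManager.checkIntegrity('workspace', 'id', policyDir);
+expect(result.status).toBe(IntegrityStatus.MATCH);
+expect(result.hash).toBe(currentHash);
+});
+it('should return MISMATCH if stored hash differs', async () => {
+const policyDir = path.join(tempDir, 'policies');
+await fs.mkdir(policyDir);
+await fs.writeFile(path.join(policyDir, 'a.toml'), 'contentA');
+const resultNew = await integrityManager.checkIntegrity('workspace', 'id', policyDir);
+const currentHash = resultNew.hash;
+// Save a different hash
+await fs.writeFile(integrityStoragePath, JSON.stringify({ 'workspace:id': 'different_hash' }));
+const result = await integrityManager.checkIntegrity('workspace', 'id', policyDir);
+expect(result.status).toBe(IntegrityStatus.MISMATCH);
+expect(result.hash).toBe(currentHash);
+});
+it('should result in different hash if filename changes', async () => {
+const policyDir1 = path.join(tempDir, 'policies1');
+await fs.mkdir(policyDir1);
+await fs.writeFile(path.join(policyDir1, 'a.toml'), 'contentA');
+const result1 = await integrityManager.checkIntegrity('workspace', 'id', policyDir1);
+const policyDir2 = path.join(tempDir, 'policies2');
+await fs.mkdir(policyDir2);
+await fs.writeFile(path.join(policyDir2, 'b.toml'), 'contentA');
+const result2 = await integrityManager.checkIntegrity('workspace', 'id', policyDir2);
+expect(result1.hash).not.toBe(result2.hash);
+});
+it('should result in different hash if content changes', async () => {
+const policyDir = path.join(tempDir, 'policies');
+await fs.mkdir(policyDir);
+await fs.writeFile(path.join(policyDir, 'a.toml'), 'contentA');
+const result1 = await integrityManager.checkIntegrity('workspace', 'id', policyDir);
+await fs.writeFile(path.join(policyDir, 'a.toml'), 'contentB');
+const result2 = await integrityManager.checkIntegrity('workspace', 'id', policyDir);
+expect(result1.hash).not.toBe(result2.hash);
+});
+it('should be deterministic (sort order)', async () => {
+const policyDir1 = path.join(tempDir, 'policies1');
+await fs.mkdir(policyDir1);
+await fs.writeFile(path.join(policyDir1, 'a.toml'), 'contentA');
+await fs.writeFile(path.join(policyDir1, 'b.toml'), 'contentB');
+const result1 = await integrityManager.checkIntegrity('workspace', 'id', policyDir1);
+// Re-read with same files but they might be in different order in readdir
+// PolicyIntegrityManager should sort them.
+const result2 = await integrityManager.checkIntegrity('workspace', 'id', policyDir1);
+expect(result1.hash).toBe(result2.hash);
+});
+it('should handle multiple projects correctly', async () => {
+const dirA = path.join(tempDir, 'dirA');
+await fs.mkdir(dirA);
+await fs.writeFile(path.join(dirA, 'p.toml'), 'contentA');
+const dirB = path.join(tempDir, 'dirB');
+await fs.mkdir(dirB);
+await fs.writeFile(path.join(dirB, 'p.toml'), 'contentB');
+const { hash: hashA } = await integrityManager.checkIntegrity('workspace', 'idA', dirA);
+const { hash: hashB } = await integrityManager.checkIntegrity('workspace', 'idB', dirB);
+// Save to storage
+await fs.writeFile(integrityStoragePath, JSON.stringify({
+'workspace:idA': hashA,
+'workspace:idB': 'oldHashB',
+}));
+// Project A should match
+const resultA = await integrityManager.checkIntegrity('workspace', 'idA', dirA);
+expect(resultA.status).toBe(IntegrityStatus.MATCH);
+expect(resultA.hash).toBe(hashA);
+// Project B should mismatch
+const resultB = await integrityManager.checkIntegrity('workspace', 'idB', dirB);
+expect(resultB.status).toBe(IntegrityStatus.MISMATCH);
+expect(resultB.hash).toBe(hashB);
+});
+});
+describe('acceptIntegrity', () => {
+it('should save the hash to storage', async () => {
+await integrityManager.acceptIntegrity('workspace', 'id', 'hash123');
+const stored = JSON.parse(await fs.readFile(integrityStoragePath, 'utf-8'));
+expect(stored['workspace:id']).toBe('hash123');
+});
+it('should update existing hash', async () => {
+await fs.writeFile(integrityStoragePath, JSON.stringify({ 'other:id': 'otherhash' }));
+await integrityManager.acceptIntegrity('workspace', 'id', 'hash123');
+const stored = JSON.parse(await fs.readFile(integrityStoragePath, 'utf-8'));
+expect(stored['other:id']).toBe('otherhash');
+expect(stored['workspace:id']).toBe('hash123');
+});
+});
+});
+//# sourceMappingURL=integrity.test.js.map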
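Review bot: The 'should be deterministic (sort order)' case calls `checkIntegrity` twice on the same directory, so both runs see the same listing order and the sort it is named after is never exercised. Mocking `readPolicyFiles` to return the two files in opposite orders across the two calls would pin the behaviour. No case covers a malformed or unreadable `policy_integrity.json` either, nor a `policyDir` that cannot be read. A test that writes a non-JSON string to `integrityStoragePath` and asserts the resulting status would document what the manager is meant to do when its own store is damaged. A companion assertion that `acceptIntegrity` does not silently drop an existing 'other:id' entry in that state would complete the coverage.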
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"integrity.test.js","sourceRoot":"","sources":["../../../src/policy/integrity.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,EAAE,sBAAsB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACzE,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAE/C,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,IAAI,gBAAwC,CAAC;IAC7C,IAAI,OAAe,CAAC;IACpB,IAAI,oBAA4B,CAAC;IAEjC,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;QACvE,oBAAoB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC;QAEnE,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,+BAA+B,CAAC,CAAC,eAAe,CAChE,oBAAoB,CACrB,CAAC;QAEF,gBAAgB,GAAG,IAAI,sBAAsB,EAAE,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACvD,EAAE,CAAC,eAAe,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YACjD,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAC1B,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;YAE/D,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,cAAc,CAClD,WAAW,EACX,IAAI,EACJ,SAAS,CACV,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YACrC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YACjD,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAC1B,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;YAE/D,4BAA4B;YAC5B,MAAM,SAAS,GAAG
,MAAM,gBAAgB,CAAC,cAAc,CACrD,WAAW,EACX,IAAI,EACJ,SAAS,CACV,CAAC;YACF,MAAM,WAAW,GAAG,SAAS,CAAC,IAAI,CAAC;YAEnC,gCAAgC;YAChC,MAAM,EAAE,CAAC,SAAS,CAChB,oBAAoB,EACpB,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAChD,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,cAAc,CAClD,WAAW,EACX,IAAI,EACJ,SAAS,CACV,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YACjD,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAC1B,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;YAE/D,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,cAAc,CACrD,WAAW,EACX,IAAI,EACJ,SAAS,CACV,CAAC;YACF,MAAM,WAAW,GAAG,SAAS,CAAC,IAAI,CAAC;YAEnC,wBAAwB;YACxB,MAAM,EAAE,CAAC,SAAS,CAChB,oBAAoB,EACpB,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,gBAAgB,EAAE,CAAC,CACrD,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,cAAc,CAClD,WAAW,EACX,IAAI,EACJ,SAAS,CACV,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;YACnE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YACnD,MAAM,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YAC3B,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;YAEhE,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,cAAc,CACnD,WAAW,EACX,IAAI,EACJ,UAAU,CACX,CAAC;YAEF,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YACnD,MAAM,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YAC3B,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;YAEhE,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,cAAc,CACnD,WAAW,EACX,IAAI,EACJ,UAAU,CACX,CAAC;YAEF,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;YAClE,MAAM,SAAS,GAAG,IAAI,CAAC,IAA
I,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YACjD,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAE1B,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;YAC/D,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,cAAc,CACnD,WAAW,EACX,IAAI,EACJ,SAAS,CACV,CAAC;YAEF,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;YAC/D,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,cAAc,CACnD,WAAW,EACX,IAAI,EACJ,SAAS,CACV,CAAC;YAEF,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YACpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YACnD,MAAM,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YAC3B,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;YAChE,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;YAEhE,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,cAAc,CACnD,WAAW,EACX,IAAI,EACJ,UAAU,CACX,CAAC;YAEF,0EAA0E;YAC1E,2CAA2C;YAC3C,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,cAAc,CACnD,WAAW,EACX,IAAI,EACJ,UAAU,CACX,CAAC;YAEF,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;YACzD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACxC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACrB,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;YAE1D,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACxC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACrB,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,UAAU,CAAC,CAAC;YAE1D,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,gBAAgB,CAAC,cAAc,CAC3D,WAAW,EACX,KAAK,EACL,IAAI,CACL,CAAC;YACF,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,gBAAgB,CAAC,cAAc,CAC3D,WAAW,EACX,KAAK,EACL,IAAI,CACL,CAAC;YAEF,kBAAkB;YAClB,MAAM,EAAE,CAAC,SAAS,CAChB,oBAAoB,EACpB,IAAI,CAAC,SAAS,CAAC;gBACb,eAAe,EAAE,KAAK;gBACtB,eAAe,EAAE,UAAU;aAC5B,CAAC,CACH,CAAC;YAEF,yBAAyB;YACzB,MAAM,OAAO,GAAG,MAAM,gBAAgB,C
AAC,cAAc,CACnD,WAAW,EACX,KAAK,EACL,IAAI,CACL,CAAC;YACF,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YACnD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAEjC,4BAA4B;YAC5B,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,cAAc,CACnD,WAAW,EACX,KAAK,EACL,IAAI,CACL,CAAC;YACF,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YACtD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;YAC/C,MAAM,gBAAgB,CAAC,eAAe,CAAC,WAAW,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;YAErE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CACvB,MAAM,EAAE,CAAC,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC,CACjD,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YAC3C,MAAM,EAAE,CAAC,SAAS,CAChB,oBAAoB,EACpB,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,CAC5C,CAAC;YAEF,MAAM,gBAAgB,CAAC,eAAe,CAAC,WAAW,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;YAErE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CACvB,MAAM,EAAE,CAAC,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC,CACjD,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC7C,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -6,17 +6,18 @@
|
|
|
6
6
|
import { describe, it, expect, vi, beforeEach, afterEach, } from 'vitest';
|
|
7
7
|
import * as fs from 'node:fs/promises';
|
|
8
8
|
import * as path from 'node:path';
|
|
9
|
-
import { createPolicyUpdater } from './config.js';
|
|
9
|
+
import { createPolicyUpdater, ALWAYS_ALLOW_PRIORITY } from './config.js';
|
|
10
10
|
import { PolicyEngine } from './policy-engine.js';
|
|
11
11
|
import { MessageBus } from '../confirmation-bus/message-bus.js';
|
|
12
12
|
import { MessageBusType } from '../confirmation-bus/types.js';
|
|
13
|
-
import { Storage } from '../config/storage.js';
|
|
13
|
+
import { Storage, AUTO_SAVED_POLICY_FILENAME } from '../config/storage.js';
|
|
14
14
|
import { ApprovalMode } from './types.js';
|
|
15
15
|
vi.mock('node:fs/promises');
|
|
16
16
|
vi.mock('../config/storage.js');
|
|
17
17
|
describe('createPolicyUpdater', () => {
|
|
18
18
|
let policyEngine;
|
|
19
19
|
let messageBus;
|
|
20
|
+
let mockStorage;
|
|
20
21
|
beforeEach(() => {
|
|
21
22
|
policyEngine = new PolicyEngine({
|
|
22
23
|
rules: [],
|
|
@@ -24,15 +25,18 @@ describe('createPolicyUpdater', () => {
|
|
|
24
25
|
approvalMode: ApprovalMode.DEFAULT,
|
|
25
26
|
});
|
|
26
27
|
messageBus = new MessageBus(policyEngine);
|
|
28
|
+
mockStorage = new Storage('/mock/project');
|
|
27
29
|
vi.clearAllMocks();
|
|
28
30
|
});
|
|
29
31
|
afterEach(() => {
|
|
30
32
|
vi.restoreAllMocks();
|
|
31
33
|
});
|
|
32
34
|
it('should persist policy when persist flag is true', async () => {
|
|
33
|
-
createPolicyUpdater(policyEngine, messageBus);
|
|
34
|
-
const
|
|
35
|
-
|
|
35
|
+
createPolicyUpdater(policyEngine, messageBus, mockStorage);
|
|
36
|
+
const workspacePoliciesDir = '/mock/project/.gemini/policies';
|
|
37
|
+
const policyFile = path.join(workspacePoliciesDir, AUTO_SAVED_POLICY_FILENAME);
|
|
38
|
+
vi.spyOn(mockStorage, 'getWorkspacePoliciesDir').mockReturnValue(workspacePoliciesDir);
|
|
39
|
+
vi.spyOn(mockStorage, 'getAutoSavedPolicyPath').mockReturnValue(policyFile);
|
|
36
40
|
fs.mkdir.mockResolvedValue(undefined);
|
|
37
41
|
fs.readFile.mockRejectedValue(new Error('File not found')); // Simulate new file
|
|
38
42
|
const mockFileHandle = {
|
|
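Review bot: The persist test now expects the auto-saved rule under `/mock/project/.gemini/policies`, a directory inside the project tree, but neither this hunk nor the three later tests that repeat the same setup (new lines 77-81, 110-114, 142-146) covers a workspace the user has not trusted. Whether `createPolicyUpdater` or the policy loader gates this file on workspace trust is not visible here. I would add a case asserting `expect(fs.open).not.toHaveBeenCalled();` and `expect(fs.rename).not.toHaveBeenCalled();` for such a workspace, or a comment in the test naming where that gate is enforced. The test body continues past the end of the hunk.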
@@ -49,18 +53,18 @@ describe('createPolicyUpdater', () => {
|
|
|
49
53
|
});
|
|
50
54
|
// Wait for async operations (microtasks)
|
|
51
55
|
await new Promise((resolve) => setTimeout(resolve, 0));
|
|
52
|
-
expect(
|
|
53
|
-
expect(fs.mkdir).toHaveBeenCalledWith(
|
|
56
|
+
expect(mockStorage.getWorkspacePoliciesDir).toHaveBeenCalled();
|
|
57
|
+
expect(fs.mkdir).toHaveBeenCalledWith(workspacePoliciesDir, {
|
|
54
58
|
recursive: true,
|
|
55
59
|
});
|
|
56
60
|
expect(fs.open).toHaveBeenCalledWith(expect.stringMatching(/\.tmp$/), 'wx');
|
|
57
61
|
// Check written content
|
|
58
62
|
const expectedContent = expect.stringContaining(`toolName = "test_tool"`);
|
|
59
63
|
expect(mockFileHandle.writeFile).toHaveBeenCalledWith(expectedContent, 'utf-8');
|
|
60
|
-
expect(fs.rename).toHaveBeenCalledWith(expect.stringMatching(/\.tmp$/),
|
|
64
|
+
expect(fs.rename).toHaveBeenCalledWith(expect.stringMatching(/\.tmp$/), policyFile);
|
|
61
65
|
});
|
|
62
66
|
it('should not persist policy when persist flag is false or undefined', async () => {
|
|
63
|
-
createPolicyUpdater(policyEngine, messageBus);
|
|
67
|
+
createPolicyUpdater(policyEngine, messageBus, mockStorage);
|
|
64
68
|
await messageBus.publish({
|
|
65
69
|
type: MessageBusType.UPDATE_POLICY,
|
|
66
70
|
toolName: 'test_tool',
|
|
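Review bot: The rename target is now pinned to `policyFile`, but `expect(fs.open).toHaveBeenCalledWith(expect.stringMatching(/\.tmp$/), 'wx')` still checks only the temp file's suffix, so the test passes even if the temp file is staged outside `workspacePoliciesDir`. Pinning the directory as well keeps the rename on one filesystem and keeps policy content out of shared temp locations: `expect(path.dirname(fs.open.mock.calls[0][0])).toBe(path.dirname(policyFile));`. Where the implementation actually creates the temp file is not visible in this hunk. The same suffix-only assertion appears at new line 106.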
@@ -70,9 +74,11 @@ describe('createPolicyUpdater', () => {
|
|
|
70
74
|
expect(fs.rename).not.toHaveBeenCalled();
|
|
71
75
|
});
|
|
72
76
|
it('should persist policy with commandPrefix when provided', async () => {
|
|
73
|
-
createPolicyUpdater(policyEngine, messageBus);
|
|
74
|
-
const
|
|
75
|
-
|
|
77
|
+
createPolicyUpdater(policyEngine, messageBus, mockStorage);
|
|
78
|
+
const workspacePoliciesDir = '/mock/project/.gemini/policies';
|
|
79
|
+
const policyFile = path.join(workspacePoliciesDir, AUTO_SAVED_POLICY_FILENAME);
|
|
80
|
+
vi.spyOn(mockStorage, 'getWorkspacePoliciesDir').mockReturnValue(workspacePoliciesDir);
|
|
81
|
+
vi.spyOn(mockStorage, 'getAutoSavedPolicyPath').mockReturnValue(policyFile);
|
|
76
82
|
fs.mkdir.mockResolvedValue(undefined);
|
|
77
83
|
fs.readFile.mockRejectedValue(new Error('File not found'));
|
|
78
84
|
const mockFileHandle = {
|
|
@@ -94,16 +100,18 @@ describe('createPolicyUpdater', () => {
|
|
|
94
100
|
const rules = policyEngine.getRules();
|
|
95
101
|
const addedRule = rules.find((r) => r.toolName === toolName);
|
|
96
102
|
expect(addedRule).toBeDefined();
|
|
97
|
-
expect(addedRule?.priority).toBe(
|
|
103
|
+
expect(addedRule?.priority).toBe(ALWAYS_ALLOW_PRIORITY);
|
|
98
104
|
expect(addedRule?.argsPattern).toEqual(new RegExp(`"command":"git\\ status(?:[\\s"]|\\\\")`));
|
|
99
105
|
// Verify file written
|
|
100
106
|
expect(fs.open).toHaveBeenCalledWith(expect.stringMatching(/\.tmp$/), 'wx');
|
|
101
107
|
expect(mockFileHandle.writeFile).toHaveBeenCalledWith(expect.stringContaining(`commandPrefix = "git status"`), 'utf-8');
|
|
102
108
|
});
|
|
103
109
|
it('should persist policy with mcpName and toolName when provided', async () => {
|
|
104
|
-
createPolicyUpdater(policyEngine, messageBus);
|
|
105
|
-
const
|
|
106
|
-
|
|
110
|
+
createPolicyUpdater(policyEngine, messageBus, mockStorage);
|
|
111
|
+
const workspacePoliciesDir = '/mock/project/.gemini/policies';
|
|
112
|
+
const policyFile = path.join(workspacePoliciesDir, AUTO_SAVED_POLICY_FILENAME);
|
|
113
|
+
vi.spyOn(mockStorage, 'getWorkspacePoliciesDir').mockReturnValue(workspacePoliciesDir);
|
|
114
|
+
vi.spyOn(mockStorage, 'getAutoSavedPolicyPath').mockReturnValue(policyFile);
|
|
107
115
|
fs.mkdir.mockResolvedValue(undefined);
|
|
108
116
|
fs.readFile.mockRejectedValue(new Error('File not found'));
|
|
109
117
|
const mockFileHandle = {
|
|
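Review bot: `expect(addedRule?.priority).toBe(ALWAYS_ALLOW_PRIORITY)` compares the rule with a constant exported by the module under test, so it no longer pins where that value sits relative to the policy tiers. The policy TOML headers in this diff list "Always Allow" at 3.95 with admin policies at 4.x, so a later change that lifted the constant to 4 or above would let a user-approved rule outrank admin policy and this test would still pass. If the user-tier placement is intended, add bounds next to the equality check: `expect(ALWAYS_ALLOW_PRIORITY).toBeGreaterThanOrEqual(3);` and `expect(ALWAYS_ALLOW_PRIORITY).toBeLessThan(4);`. The constant's actual value is not visible here.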
@@ -131,9 +139,11 @@ describe('createPolicyUpdater', () => {
|
|
|
131
139
|
expect(writtenContent).toContain('priority = 200');
|
|
132
140
|
});
|
|
133
141
|
it('should escape special characters in toolName and mcpName', async () => {
|
|
134
|
-
createPolicyUpdater(policyEngine, messageBus);
|
|
135
|
-
const
|
|
136
|
-
|
|
142
|
+
createPolicyUpdater(policyEngine, messageBus, mockStorage);
|
|
143
|
+
const workspacePoliciesDir = '/mock/project/.gemini/policies';
|
|
144
|
+
const policyFile = path.join(workspacePoliciesDir, AUTO_SAVED_POLICY_FILENAME);
|
|
145
|
+
vi.spyOn(mockStorage, 'getWorkspacePoliciesDir').mockReturnValue(workspacePoliciesDir);
|
|
146
|
+
vi.spyOn(mockStorage, 'getAutoSavedPolicyPath').mockReturnValue(policyFile);
|
|
137
147
|
fs.mkdir.mockResolvedValue(undefined);
|
|
138
148
|
fs.readFile.mockRejectedValue(new Error('File not found'));
|
|
139
149
|
const mockFileHandle = {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"persistence.test.js","sourceRoot":"","sources":["../../../src/policy/persistence.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,QAAQ,EACR,EAAE,EACF,MAAM,EACN,EAAE,EACF,UAAU,EACV,SAAS,GAEV,MAAM,QAAQ,CAAC;AAChB,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"persistence.test.js","sourceRoot":"","sources":["../../../src/policy/persistence.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,QAAQ,EACR,EAAE,EACF,MAAM,EACN,EAAE,EACF,UAAU,EACV,SAAS,GAEV,MAAM,QAAQ,CAAC;AAChB,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1C,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;AAC5B,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;AAEhC,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,IAAI,YAA0B,CAAC;IAC/B,IAAI,UAAsB,CAAC;IAC3B,IAAI,WAAoB,CAAC;IAEzB,UAAU,CAAC,GAAG,EAAE;QACd,YAAY,GAAG,IAAI,YAAY,CAAC;YAC9B,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,EAAE;YACZ,YAAY,EAAE,YAAY,CAAC,OAAO;SACnC,CAAC,CAAC;QACH,UAAU,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC;QAC1C,WAAW,GAAG,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;QAC3C,EAAE,CAAC,aAAa,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,EAAE,CAAC,eAAe,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,mBAAmB,CAAC,YAAY,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QAE3D,MAAM,oBAAoB,GAAG,gCAAgC,CAAC;QAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAC1B,oBAAoB,EACpB,0BAA0B,CAC3B,CAAC;QACF,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,yBAAyB,CAAC,CAAC,eAAe,CAC9D,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,wBAAwB,CAAC,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QAC3E,EAAE,CAAC,KAAyB,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAC1D,EAAE,CAAC,QAA4B,CAAC,iBAAiB,CAChD,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAC5B,CAAC,CAAC,oBAAoB;QAEvB,MAAM,cAAc,GAAG;YACrB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;YAC/C,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;SAC5C,CAAC;QACD,EAAE,CAAC,IAAwB,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;QAC9D,EAAE,CAAC,MAA0B,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5D,MAAM,QAAQ,GAAG,WAAW,CAAC;QAC7B,MAAM,UAAU,CAAC,OAAO,CAAC;YACvB,IAAI,EAAE,cAAc,CAA
C,aAAa;YAClC,QAAQ;YACR,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;QAEH,yCAAyC;QACzC,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QAEvD,MAAM,CAAC,WAAW,CAAC,uBAAuB,CAAC,CAAC,gBAAgB,EAAE,CAAC;QAC/D,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,oBAAoB,EAAE;YAC1D,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC;QAE5E,wBAAwB;QACxB,MAAM,eAAe,GAAG,MAAM,CAAC,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;QAC1E,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACnD,eAAe,EACf,OAAO,CACR,CAAC;QACF,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,oBAAoB,CACpC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,EAC/B,UAAU,CACX,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,mBAAmB,CAAC,YAAY,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QAE3D,MAAM,UAAU,CAAC,OAAO,CAAC;YACvB,IAAI,EAAE,cAAc,CAAC,aAAa;YAClC,QAAQ,EAAE,WAAW;SACtB,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QAEvD,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC5C,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,mBAAmB,CAAC,YAAY,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QAE3D,MAAM,oBAAoB,GAAG,gCAAgC,CAAC;QAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAC1B,oBAAoB,EACpB,0BAA0B,CAC3B,CAAC;QACF,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,yBAAyB,CAAC,CAAC,eAAe,CAC9D,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,wBAAwB,CAAC,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QAC3E,EAAE,CAAC,KAAyB,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAC1D,EAAE,CAAC,QAA4B,CAAC,iBAAiB,CAChD,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAC5B,CAAC;QAEF,MAAM,cAAc,GAAG;YACrB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;YAC/C,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;SAC5C,CAAC;QACD,EAAE,CAAC,IAAwB,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;QAC9D,EAAE,CAAC,MAA0B,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5D,MAAM,QAAQ,GAAG,mBAAmB,CAAC;QACrC,MAAM,aAAa,GAAG,YAAY,CAAC;QAEnC,MAAM,UAAU,CAAC,OAAO,CAAC;YACvB,IAAI,
EAAE,cAAc,CAAC,aAAa;YAClC,QAAQ;YACR,OAAO,EAAE,IAAI;YACb,aAAa;SACd,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QAEvD,mCAAmC;QACnC,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;QAC7D,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QAChC,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACxD,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,OAAO,CACpC,IAAI,MAAM,CAAC,yCAAyC,CAAC,CACtD,CAAC;QAEF,sBAAsB;QACtB,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC;QAC5E,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACnD,MAAM,CAAC,gBAAgB,CAAC,8BAA8B,CAAC,EACvD,OAAO,CACR,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,mBAAmB,CAAC,YAAY,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QAE3D,MAAM,oBAAoB,GAAG,gCAAgC,CAAC;QAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAC1B,oBAAoB,EACpB,0BAA0B,CAC3B,CAAC;QACF,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,yBAAyB,CAAC,CAAC,eAAe,CAC9D,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,wBAAwB,CAAC,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QAC3E,EAAE,CAAC,KAAyB,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAC1D,EAAE,CAAC,QAA4B,CAAC,iBAAiB,CAChD,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAC5B,CAAC;QAEF,MAAM,cAAc,GAAG;YACrB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;YAC/C,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;SAC5C,CAAC;QACD,EAAE,CAAC,IAAwB,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;QAC9D,EAAE,CAAC,MAA0B,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5D,MAAM,OAAO,GAAG,gBAAgB,CAAC;QACjC,MAAM,cAAc,GAAG,QAAQ,CAAC;QAChC,MAAM,QAAQ,GAAG,GAAG,OAAO,KAAK,cAAc,EAAE,CAAC;QAEjD,MAAM,UAAU,CAAC,OAAO,CAAC;YACvB,IAAI,EAAE,cAAc,CAAC,aAAa;YAClC,QAAQ;YACR,OAAO,EAAE,IAAI;YACb,OAAO;SACR,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QAEvD,sBAAsB;QACtB,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC;QAC5E,MAAM,SAAS,GAAG,cAAc,CAAC
,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACzD,MAAM,cAAc,GAAG,SAAS,CAAC,CAAC,CAAW,CAAC;QAC9C,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,cAAc,OAAO,GAAG,CAAC,CAAC;QAC3D,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,eAAe,cAAc,GAAG,CAAC,CAAC;QACnE,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,mBAAmB,CAAC,YAAY,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;QAE3D,MAAM,oBAAoB,GAAG,gCAAgC,CAAC;QAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAC1B,oBAAoB,EACpB,0BAA0B,CAC3B,CAAC;QACF,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,yBAAyB,CAAC,CAAC,eAAe,CAC9D,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,wBAAwB,CAAC,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QAC3E,EAAE,CAAC,KAAyB,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAC1D,EAAE,CAAC,QAA4B,CAAC,iBAAiB,CAChD,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAC5B,CAAC;QAEF,MAAM,cAAc,GAAG;YACrB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;YAC/C,KAAK,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,SAAS,CAAC;SAC5C,CAAC;QACD,EAAE,CAAC,IAAwB,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;QAC9D,EAAE,CAAC,MAA0B,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAE5D,MAAM,OAAO,GAAG,gBAAgB,CAAC;QACjC,MAAM,QAAQ,GAAG,8BAA8B,CAAC;QAEhD,MAAM,UAAU,CAAC,OAAO,CAAC;YACvB,IAAI,EAAE,cAAc,CAAC,aAAa;YAClC,QAAQ;YACR,OAAO,EAAE,IAAI;YACb,OAAO;SACR,CAAC,CAAC;QAEH,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QAEvD,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC;QAC5E,MAAM,SAAS,GAAG,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACzD,MAAM,cAAc,GAAG,SAAS,CAAC,CAAC,CAAW,CAAC;QAE9C,yCAAyC;QACzC,iGAAiG;QACjG,uEAAuE;QACvE,IAAI,CAAC;YACH,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,gCAAgC,CAAC,CAAC;QACrE,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,CAAC;YACH,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,+BAA+B,CAAC,CAAC;QACpE,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,2BAA2B,CAAC,CAAC;QAChE,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -5,19 +5,20 @@
|
|
|
5
5
|
#
|
|
6
6
|
# Priority bands (tiers):
|
|
7
7
|
# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
|
|
8
|
-
# -
|
|
9
|
-
# -
|
|
8
|
+
# - Workspace policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
|
|
9
|
+
# - User policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
|
|
10
|
+
# - Admin policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
|
|
10
11
|
#
|
|
11
|
-
# This ensures Admin > User > Default hierarchy is always preserved,
|
|
12
|
+
# This ensures Admin > User > Workspace > Default hierarchy is always preserved,
|
|
12
13
|
# while allowing user-specified priorities to work within each tier.
|
|
13
14
|
#
|
|
14
|
-
# Settings-based and dynamic rules (all in user tier
|
|
15
|
-
#
|
|
16
|
-
#
|
|
17
|
-
#
|
|
18
|
-
#
|
|
19
|
-
#
|
|
20
|
-
#
|
|
15
|
+
# Settings-based and dynamic rules (all in user tier 3.x):
|
|
16
|
+
# 3.95: Tools that the user has selected as "Always Allow" in the interactive UI
|
|
17
|
+
# 3.9: MCP servers excluded list (security: persistent server blocks)
|
|
18
|
+
# 3.4: Command line flag --exclude-tools (explicit temporary blocks)
|
|
19
|
+
# 3.3: Command line flag --allowed-tools (explicit temporary allows)
|
|
20
|
+
# 3.2: MCP servers with trust=true (persistent trusted servers)
|
|
21
|
+
# 3.1: MCP servers allowed list (persistent general server allows)
|
|
21
22
|
#
|
|
22
23
|
# TOML policy priorities (before transformation):
|
|
23
24
|
# 10: Write tools default to ASK_USER (becomes 1.010 in default tier)
|
|
@@ -35,6 +36,13 @@ deny_message = "You are in Plan Mode with access to read-only tools. Execution o
|
|
|
35
36
|
|
|
36
37
|
# Explicitly Allow Read-Only Tools in Plan mode.
|
|
37
38
|
|
|
39
|
+
[[rule]]
|
|
40
|
+
mcpName = "*"
|
|
41
|
+
toolAnnotations = { readOnlyHint = true }
|
|
42
|
+
decision = "ask_user"
|
|
43
|
+
priority = 70
|
|
44
|
+
modes = ["plan"]
|
|
45
|
+
|
|
38
46
|
[[rule]]
|
|
39
47
|
toolName = ["glob", "grep_search", "list_directory", "read_file", "google_web_search", "activate_skill"]
|
|
40
48
|
decision = "allow"
|
|
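Review bot: The new `mcpName = "*"` rule sits directly under the existing comment `# Explicitly Allow Read-Only Tools in Plan mode.`, yet its decision is `ask_user`, so that heading now misdescribes the first rule beneath it. `readOnlyHint` is an annotation an MCP server declares about its own tool, which is presumably why the rule asks rather than allows. Saying so would keep a later editor from relaxing it to `allow`. I would give the rule its own comment, e.g. `# MCP tools that self-report readOnlyHint: ask the user, because the annotation comes from the server and is not verified.`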
@@ -47,10 +55,18 @@ decision = "ask_user"
|
|
|
47
55
|
priority = 70
|
|
48
56
|
modes = ["plan"]
|
|
49
57
|
|
|
50
|
-
# Allow write_file and replace for .md files in plans directory
|
|
58
|
+
# Allow write_file and replace for .md files in the plans directory (cross-platform)
|
|
51
59
|
[[rule]]
|
|
52
60
|
toolName = ["write_file", "replace"]
|
|
53
61
|
decision = "allow"
|
|
54
62
|
priority = 70
|
|
55
63
|
modes = ["plan"]
|
|
56
|
-
argsPattern = "\"file_path\":\"[^\"]
|
|
64
|
+
argsPattern = "\"file_path\":\"[^\"]+[\\\\/]+\\.gemini[\\\\/]+tmp[\\\\/]+[\\w-]+[\\\\/]+[\\w-]+[\\\\/]+plans[\\\\/]+[\\w-]+\\.md\""
|
|
65
|
+
|
|
66
|
+
# Explicitly Deny other write operations in Plan mode with a clear message.
|
|
67
|
+
[[rule]]
|
|
68
|
+
toolName = ["write_file", "replace"]
|
|
69
|
+
decision = "deny"
|
|
70
|
+
priority = 65
|
|
71
|
+
modes = ["plan"]
|
|
72
|
+
deny_message = "You are in Plan Mode and cannot modify source code. You may ONLY use write_file or replace to save plans to the designated plans directory as .md files."
|
|
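Review bot: The new `argsPattern` constrains only the textual shape of `file_path`: the leading `[^\"]+` accepts any parent path, so every `.gemini/tmp/<a>/<b>/plans/<name>.md` location matches, including one inside a checked-out repository or one reached through a symlink. The deny rule's message refers to "the designated plans directory", which the regex alone does not establish. Whether `write_file` and `replace` resolve the path and compare it with the configured plans directory is not visible here. If they do, say so above the rule, e.g. `# Shape filter only; the write tools must still verify the resolved path is inside the session's plans directory.` If they do not, that check belongs in the tools rather than in a tighter regex.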
@@ -5,19 +5,20 @@
|
|
|
5
5
|
#
|
|
6
6
|
# Priority bands (tiers):
|
|
7
7
|
# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
|
|
8
|
-
# -
|
|
9
|
-
# -
|
|
8
|
+
# - Workspace policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
|
|
9
|
+
# - User policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
|
|
10
|
+
# - Admin policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
|
|
10
11
|
#
|
|
11
|
-
# This ensures Admin > User > Default hierarchy is always preserved,
|
|
12
|
+
# This ensures Admin > User > Workspace > Default hierarchy is always preserved,
|
|
12
13
|
# while allowing user-specified priorities to work within each tier.
|
|
13
14
|
#
|
|
14
|
-
# Settings-based and dynamic rules (all in user tier
|
|
15
|
-
#
|
|
16
|
-
#
|
|
17
|
-
#
|
|
18
|
-
#
|
|
19
|
-
#
|
|
20
|
-
#
|
|
15
|
+
# Settings-based and dynamic rules (all in user tier 3.x):
|
|
16
|
+
# 3.95: Tools that the user has selected as "Always Allow" in the interactive UI
|
|
17
|
+
# 3.9: MCP servers excluded list (security: persistent server blocks)
|
|
18
|
+
# 3.4: Command line flag --exclude-tools (explicit temporary blocks)
|
|
19
|
+
# 3.3: Command line flag --allowed-tools (explicit temporary allows)
|
|
20
|
+
# 3.2: MCP servers with trust=true (persistent trusted servers)
|
|
21
|
+
# 3.1: MCP servers allowed list (persistent general server allows)
|
|
21
22
|
#
|
|
22
23
|
# TOML policy priorities (before transformation):
|
|
23
24
|
# 10: Write tools default to ASK_USER (becomes 1.010 in default tier)
|
|
@@ -5,19 +5,20 @@
|
|
|
5
5
|
#
|
|
6
6
|
# Priority bands (tiers):
|
|
7
7
|
# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
|
|
8
|
-
# -
|
|
9
|
-
# -
|
|
8
|
+
# - Workspace policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
|
|
9
|
+
# - User policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
|
|
10
|
+
# - Admin policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
|
|
10
11
|
#
|
|
11
|
-
# This ensures Admin > User > Default hierarchy is always preserved,
|
|
12
|
+
# This ensures Admin > User > Workspace > Default hierarchy is always preserved,
|
|
12
13
|
# while allowing user-specified priorities to work within each tier.
|
|
13
14
|
#
|
|
14
|
-
# Settings-based and dynamic rules (all in user tier
|
|
15
|
-
#
|
|
16
|
-
#
|
|
17
|
-
#
|
|
18
|
-
#
|
|
19
|
-
#
|
|
20
|
-
#
|
|
15
|
+
# Settings-based and dynamic rules (all in user tier 3.x):
|
|
16
|
+
# 3.95: Tools that the user has selected as "Always Allow" in the interactive UI
|
|
17
|
+
# 3.9: MCP servers excluded list (security: persistent server blocks)
|
|
18
|
+
# 3.4: Command line flag --exclude-tools (explicit temporary blocks)
|
|
19
|
+
# 3.3: Command line flag --allowed-tools (explicit temporary allows)
|
|
20
|
+
# 3.2: MCP servers with trust=true (persistent trusted servers)
|
|
21
|
+
# 3.1: MCP servers allowed list (persistent general server allows)
|
|
21
22
|
#
|
|
22
23
|
# TOML policy priorities (before transformation):
|
|
23
24
|
# 10: Write tools default to ASK_USER (becomes 1.010 in default tier)
|
|
@@ -5,19 +5,20 @@
|
|
|
5
5
|
#
|
|
6
6
|
# Priority bands (tiers):
|
|
7
7
|
# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
|
|
8
|
-
# -
|
|
9
|
-
# -
|
|
8
|
+
# - Workspace policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
|
|
9
|
+
# - User policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
|
|
10
|
+
# - Admin policies (TOML): 4 + priority/1000 (e.g., priority 100 → 4.100)
|
|
10
11
|
#
|
|
11
|
-
# This ensures Admin > User > Default hierarchy is always preserved,
|
|
12
|
+
# This ensures Admin > User > Workspace > Default hierarchy is always preserved,
|
|
12
13
|
# while allowing user-specified priorities to work within each tier.
|
|
13
14
|
#
|
|
14
|
-
# Settings-based and dynamic rules (all in user tier
|
|
15
|
-
#
|
|
16
|
-
#
|
|
17
|
-
#
|
|
18
|
-
#
|
|
19
|
-
#
|
|
20
|
-
#
|
|
15
|
+
# Settings-based and dynamic rules (all in user tier 3.x):
|
|
16
|
+
# 3.95: Tools that the user has selected as "Always Allow" in the interactive UI
|
|
17
|
+
# 3.9: MCP servers excluded list (security: persistent server blocks)
|
|
18
|
+
# 3.4: Command line flag --exclude-tools (explicit temporary blocks)
|
|
19
|
+
# 3.3: Command line flag --allowed-tools (explicit temporary allows)
|
|
20
|
+
# 3.2: MCP servers with trust=true (persistent trusted servers)
|
|
21
|
+
# 3.1: MCP servers allowed list (persistent general server allows)
|
|
21
22
|
#
|
|
22
23
|
# TOML policy priorities (before transformation):
|
|
23
24
|
# 10: Write tools default to ASK_USER (becomes 1.010 in default tier)
|